3. In future, most of the IT infrastructure will be on cloud. What roles will VPN have then?

The network must be design and deploy in such a way that it will provide (1) maximum security vs (2) minimum cost of deployment vs (3) ease of use – it will depends on the priority and the level of acceptance for the three major factors.

maximum security may provide maximum protection, however may increase the difficultly of accessing the system from your registered users

minimum cost of deployment may provide ease of use, however, may not provide adequate protection for your network

ease of use – Too restricted or Too loose – both has it’s positive and negative points

So, to harden at what level?, to protect at what level? – that is a network architecture design that must be discuss and plan with your network infrastructure partner. We will be most happy to provide our inputs to your partner.

1. Is Microsoft Navision Secure enough to work without VPN?

Dynamics NAV can be deployed (without VPN) to be access through web-browser, client-server apps on the local PC and smart phone – all going through SSL certificate.

Is it secure enough, yes, if the system and the network is hardened, through DMZ, routers, anti-virus, disable-RDP ports etc…

2. What is best practice? How companies that use Navision practice.

3. In future, most of the IT infrastructure will be on cloud. What roles will VPN have then?

What’s the best practice and what’s the role of VPN in a cloud-computing environment.

For internet-facing applications, it is best to employ a DMZ for the Web or Windows applications. In this way, your apps server or IIS may be exposed to the WWW, but not your corporate network or Database is hiding behind another firewall. This makes intrusion to your internet network more difficult.

A VPN adds another secured tunnel layer to access your network.

The last and most important factor is the DB backup policy for disaster recovery purposes – be it (1) delayed-availability or (2) high-availability – to safeguard and restore any database in the event that your network and servers are compromise.